Re: [Qemu-devel] [PATCH 0/5] Extend TPM support with a QEMU-external TPM

[Stefan Berger]

On 04/16/2015 02:55 PM, Michael S. Tsirkin wrote:
> On Thu, Apr 16, 2015 at 03:35:06PM +0200, Igor Mammedov wrote:
> > On Wed, 15 Apr 2015 18:38:43 -0400
> > Stefan Berger <address@hidden> wrote:
> >
> > > The following series of patches extends TPM support with an
> > > external TPM that offers a Linux CUSE (character device in userspace)
> > > interface. This TPM lets each VM access its own private vTPM.
> > > The CUSE TPM supports suspend/resume and migration. Much
> > > out-of-band functionality necessary to control the CUSE TPM is
> > > implemented using ioctl's.
> > >
> > > The series extends the TPM support so far that most functionality of
> > > TPM support on a physical platform is now available to each x86 VM,
> > > this includes the Physical Presence Interface support that has
> > > its counter-part in the SeaBIOS and is implemented using ACPI.
> > >
> > > http://www.seabios.org/pipermail/seabios/2015-March/008978.html
> > is it already merged?
> >
> > Is it possible to use MMIO region instead of allocating tpm_ppi_anchor
> > and tpm_ppi in BIOS memory?
> > That would simplify BIOS part a bit and significantly simplify ACPI code
> > as most of it is dealing with figuring out address of tpm_ppi.
> Which (if it works) I guess brings us back to the idea of using
> a pci device with a bar where we can stick tpm+vm id+whatever?

Well, at least the current implementation works with these patches + 
CUSE TPM + patched SeaBIOS .

So the PCI bar does not get reset during a machine reboot and thus 
preserves values? I did not model the TPM TIS as a PCI device, since it 
typically is not such a device, but a LPC devices (close to ISA type of 
device).

If we wanted to achieve that this method also works on real hardware, 
with SeaBIOS running piggy-backed on coreboot, then we shouldn't assume 
a PCI device, since it won't be. Otherwise, what are we trying to 
achieve? Is the ACPI code the problem?

    Stefan